ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Finrl Rl Trading

v0.3.3

Use ensemble deep reinforcement learning (A2C, DDPG, PPO, TD3, SAC) to execute automated multi-market stock trading with

0· 94·0 current·0 all-time
byTang Weigang@tangweigang-jpg

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for tangweigang-jpg/finrl-rl-trading.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Finrl Rl Trading" (tangweigang-jpg/finrl-rl-trading) from ClawHub.
Skill page: https://clawhub.ai/tangweigang-jpg/finrl-rl-trading
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install finrl-rl-trading

ClawHub CLI

Package manager switcher

npx clawhub@latest install finrl-rl-trading
Security Scan
Capability signals
CryptoCan make purchasesRequires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill claims DRL-based multi-market trading and the SKILL.md contains DRL/backtest/trading pipelines and use cases (Alpaca, ZVT, data sources). That purpose explains needing Python, market data providers, and broker APIs. However the skill manifest declares no required binaries, env vars, or install spec, while SKILL.md explicitly requires Python 3.12+ and the 'uv' package manager and references running Python commands — a mismatch between declared requirements and actual runtime expectations.
!
Instruction Scope
SKILL.md instructs the agent to run host Python commands (precondition checks like importing zvt, running recorders, creating ~/.zvt test files, and pip install suggestions) and to reload seed.yaml before behavioral decisions. It references environment variables (ZVT_HOME) and invoking data recorders that will access external data providers and potentially brokers. Those runtime actions reach into the host filesystem and network and are not surfaced in the manifest, giving the agent ability to execute arbitrary Python on the host if used as-is.
Install Mechanism
No install spec or code files are included (instruction-only), so nothing will be automatically downloaded or written by an installer. This lowers filesystem/remote-install risk. Still, the SKILL.md expects Python 3.12+ and a 'uv' package manager but does not provide an install recipe — the agent or user would likely run pip/uv commands manually per the instructions.
Credentials
The skill declares no required credentials or env vars, yet the content describes interacting with data providers (eastmoney, joinquant, akshare) and brokers (Alpaca) which normally require API keys/credentials. The SKILL.md also references ZVT_HOME and suggests writing to ~/.zvt. The absence of declared credential requirements is an inconsistency: if you run live or paper trading flows you'll need to supply sensitive API keys, but the skill does not document how it expects to receive or store them.
Persistence & Privilege
Flags show always:false and disable-model-invocation:false (normal). The skill does not request permanent inclusion or to modify other skills. Runtime instructions do ask to read and re-read seed.yaml and write to its own data directories (~/.zvt) which is within its scope; no evidence it modifies system-wide agent settings or other skills.
Scan Findings in Context
[no_code_files] expected: The regex-based scanner had nothing to analyze because this is an instruction-only skill (no code files). That is expected for a documentation/instruction crystal, but absence of code does not imply safety — the SKILL.md itself is the runtime behavior.
What to consider before installing
Before installing or running this skill: (1) Treat it as a set of host instructions — it expects you to run Python and may run Python commands that touch ~/.zvt and call external data/broker APIs. Review seed.yaml and references (LOCKS, ANTI_PATTERNS) to understand fatal constraints. (2) Do not run live/paper trading with real API keys until you understand what commands will be executed; the skill does not declare where/how it will store or use broker credentials. Use sandboxed environment or container and a throwaway account for testing. (3) Ensure your Python version and package manager match SKILL.md (it claims Python 3.12+ and 'uv'); the manifest not listing these is an inconsistency to fix. (4) Verify source and license (homepage/source unknown, LICENSE referenced) before trusting it with network access or credentials. (5) If you want the agent to autonomously execute trades, require explicit confirmations, limit permissions, and monitor network/file activity; otherwise run only backtests with test data first.

Like a lobster shell, security has layers — review code before you run it.

doramagic-crystalvk97074h2mjcbz1ckndw30ds06h85cdm7financevk97074h2mjcbz1ckndw30ds06h85cdm7latestvk97074h2mjcbz1ckndw30ds06h85cdm7portfoliovk97074h2mjcbz1ckndw30ds06h85cdm7quantvk97074h2mjcbz1ckndw30ds06h85cdm7rlvk97074h2mjcbz1ckndw30ds06h85cdm7tradingvk97074h2mjcbz1ckndw30ds06h85cdm7
94downloads
0stars
3versions
Updated 4d ago
v0.3.3
MIT-0
Tang Weigang@tangweigang-jpg
doramagic-crystalfinancelatestportfolioquantrltrading
Download

FinRL 强化学习交易 (finrl-rl-trading)

Use ensemble deep reinforcement learning (A2C, DDPG, PPO, TD3, SAC) to execute automated multi-market stock tr。

Pipeline

data_collection -> data_storage -> factor_computation -> target_selection -> trading_execution -> visualization

Top Use Cases (14 total)

Ensemble Stock Trading ICAIF 2020 (UC-101)

Executing automated stock trading using an ensemble of multiple DRL agents (A2C, DDPG, PPO, TD3, SAC) to reduce individual agent weakness and improve Triggers: ensemble trading, multiple agents, stock trading

NeurIPS 2018 DRL Training (UC-107)

Training deep reinforcement learning agents (A2C, DDPG, PPO, SAC, TD3) for automated stock trading using the StockTradingEnv environment Triggers: DRL training, stock trading, A2C

NeurIPS 2018 Ensemble Backtesting (UC-108)

Backtesting multiple trained DRL agents against baseline strategies (MVO, DJIA) to evaluate and compare ensemble trading performance Triggers: backtesting, ensemble, DRL agents

For all 14 use cases, see references/USE_CASES.md.

Execute trigger: When user intent matches intent_router.uc_entries[].positive_terms AND user uses action verb (run/execute/跑/执行/backtest/fetch/collect)

What I'll Ask You

  • Target market: A-share (default), HK, or crypto? (US stocks in ZVT are half-baked — stockus_nasdaq_AAPL exists but coverage is thin)
  • Data source / provider: eastmoney (free, no account), joinquant (account+paid), baostock (free, good history), akshare, or qmt (broker)?
  • Strategy type: MACD golden-cross, MA crossover, volume breakout, fundamental screen, or custom factor?
  • Time range: start_timestamp and end_timestamp for backtest period
  • Target entity IDs: specific stocks (stock_sh_600000) or index components (SZ1000)?

Semantic Locks (Fatal)

IDRuleOn Violation
SL-01Execute sell orders before buy orders in every trading cyclehalt
SL-02Trading signals MUST use next-bar execution (no look-ahead)halt
SL-03Entity IDs MUST follow format entity_type_exchange_codehalt
SL-04DataFrame index MUST be MultiIndex (entity_id, timestamp)halt
SL-05TradingSignal MUST have EXACTLY ONE of: position_pct, order_money, order_amounthalt
SL-06filter_result column semantics: True=BUY, False=SELL, None/NaN=NO ACTIONhalt
SL-07Transformer MUST run BEFORE Accumulator in factor pipelinehalt
SL-08MACD parameters locked: fast=12, slow=26, signal=9halt

Full lock definitions: references/LOCKS.md

Top Anti-Patterns (25 total)

  • AP-ZVT-183: 除权因子为 inf/NaN 时直接参与乘法导致复权静默失败
  • AP-ZVT-179: 第三方数据接口超限后异常被吞噬,数据静默缺失
  • AP-ZVT-183B: HFQ(后复权)与 QFQ(前复权)K 线表使用错误导致因子计算漂移

All 25 anti-patterns: references/ANTI_PATTERNS.md

Evidence Quality Notice

[QUALITY NOTICE] This crystal was compiled from blueprint finance-bp-061. Evidence verify ratio = 18.9% and audit fail total = 32. Generated results may have uncaptured requirement gaps. Verify critical decisions against source files (LATEST.yaml / LATEST.jsonl).

Reference Files

FileContentsWhen to Load
references/seed.yamlV6+ 全量权威 (source-of-truth)有行为/决策争议时必读
references/ANTI_PATTERNS.md25 条跨项目反模式开始实现前
references/WISDOM.md跨项目精华借鉴架构决策时
references/CONSTRAINTS.mddomain + fatal 约束规则冲突时
references/USE_CASES.md全量 KUC-* 业务场景需要完整示例时
references/LOCKS.mdSL-* + preconditions + hints生成回测/交易代码前
references/COMPONENTS.mdAST 组件地图(按 module 拆分)查 API 时

Compiled by Doramagic crystal-compilation-v6.1 from finance-bp-061 blueprint at 2026-04-22T13:00:18.884984+00:00. See human_summary.md for non-technical overview.

Comments

Loading comments...